Topology:
Use configuration from Multicast task #3 as initial configuration for this task.
Add two new interfaces to R1 - VLAN 111 and VLAN 122.
Requirements:
1. Only sources from VLAN 111 and VLAN 112 should be allowed to send multicast traffic.
2. Hosts on VLAN 10 should only be able to join groups from range 230.0.0.0 - 230.255.255.255
3. Hosts on VLAN 34 shoud only be able to joing group from range 231.0.0.0 - 231.255.255.255
4. Ensure that no additional PIM devices can be introduced on either VLAN 10 or VLAN 34.
Solution:
Highlight the text below to reveal the solution.
This task requires understanding of multicast security features - filtering IGMP, PIM neighbors, and PIM register messages.
Requirement #1 - on both RPs, configure " pim accept-register", and only allow R1 addresses. Optionally, set R1 register-source to loopback0 address, so filter only has to list single address.
Requirement #2 and 3 - configure "igmp access-group" on routers R3, R4 VLAN 34 interfaces, and routers R6 and R7 VLAN 10 interfaces. Allow only listed group ranges.
Requirement #4 - configure PIM neighbor filter to only allow the routers listed in the topology to form PIM neighbor relation with each other.
!
ip pim register-source Loopback0
router igmp
..
!
interface GigabitEthernet0/0/0/2
access-group IGMP_ACL
query-interval 20
!
version 2
!
router igmp
interface GigabitEthernet0/0/0/2
access-group IGMP_ACL
query-interval 20
query-max-response-time 10
!
version 2
!
This task requires understanding of multicast security features - filtering IGMP, PIM neighbors, and PIM register messages.
Requirement #1 - on both RPs, configure " pim accept-register", and only allow R1 addresses. Optionally, set R1 register-source to loopback0 address, so filter only has to list single address.
Requirement #2 and 3 - configure "igmp access-group" on routers R3, R4 VLAN 34 interfaces, and routers R6 and R7 VLAN 10 interfaces. Allow only listed group ranges.
Requirement #4 - configure PIM neighbor filter to only allow the routers listed in the topology to form PIM neighbor relation with each other.
R1:
!
ip pim register-source Loopback0
!
R3:
..
!
interface GigabitEthernet0/0/0/2
access-group IGMP_ACL
query-interval 20
!
version 2
!
ipv4 access-list IGMP_ACL
10 permit ipv4 231.0.0.0 0.255.255.255 any (105 matches)
!
R4:
router igmp
interface GigabitEthernet0/0/0/2
access-group IGMP_ACL
query-interval 20
query-max-response-time 10
!
version 2
!
router pim
address-family ipv4
rp-address 13.0.3.3
accept-register FILTER
interface Loopback0
enable
!
interface GigabitEthernet0/0/0/2
neighbor-filter VLAN34
!
bsr candidate-rp 13.0.4.4 priority 1 interval 60
!
!
!
ipv4 access-list VLAN34
10 permit ipv4 host 13.0.34.3 any
20 permit ipv4 host 13.0.34.4 any
!
ipv4 access-list IGMP_ACL
10 permit ipv4 231.0.0.0 0.255.255.255 any
!
R5:
!
ip pim accept-register list 100
!
access-list 100 permit ip host 13.0.1.1 any
!
R6:
!
interface Ethernet0/1
bandwidth 100
ip address 13.0.10.6 255.255.255.0
ip pim neighbor-filter 67
ip pim bsr-border
ip pim sparse-mode
ip igmp query-max-response-time 5
ip igmp access-group 10
ip igmp query-interval 10
!
!
access-list 10 permit 230.0.0.0 0.255.255.255
access-list 67 permit 13.0.10.6
access-list 67 permit 13.0.10.2
!
R7:
!
interface Ethernet0/0
bandwidth 100
ip address 13.0.10.2 255.255.255.0
ip pim neighbor-filter 67
ip pim bsr-border
ip pim sparse-mode
ip igmp access-group 10
!
!
access-list 10 permit 230.0.0.0 0.255.255.255
access-list 67 permit 13.0.10.2
access-list 67 permit 13.0.10.6
!
